Chinese 'spec ops' hackers freely available for hire: Symantec

Although organised online crime has largely been considered to be state sponsored, Symantec now claims that it has uncovered a highly organised 50- to 100-strong hacking group in China that can be hired out to conduct attacks globally.

Symantec claims to have uncovered a Chinese professional hackers-for-hire group that it says is more sophisticated than those behind the recent APT1 hacking group .

Naming the group Hidden Lynx after the hidden words found in its command and control server communications, Symantec said that the group has early access to zero-day vulnerabilities, and rather than focusing on a single target, attacks hundreds of different organisations in different regions, sometimes at the same time.

"Given the breadth and number of targets and regions involved, we infer that this group is most likely a professional hacker-for-hire operation that are contracted by clients to provide information. They steal on demand, whatever their clients are interested in, hence the wide variety and range of targets," Symantec wrote on its blog.

The company believes that anecdotally, and due to the scale of attacks, the group consists of 50 to 100 operatives that have been organised into at least two teams. The first team is considered a front-line attack team, using basic techniques to attack and collect information, while the second is considered as more of an elite special operations unit.

The US is overrepresented in its share of Hidden Lynx's targets, with American organisations making up about 53 percent of its victims. Taiwan and China take second and third positions, at 16 and 9 percent share, respectively.

In terms of industries, however, the financial services sector is the more heavily targeted. Although hit the hardest, the larger commercial banks are largely ignored by the group. Instead, the attackers focused on investment banks, asset management agencies, and stock trading firms.

Symantec's white paper (PDF) into the matter claims that one of the world largest stock exchanges has been subject to an attack from the group. It does not specify the exchange by name.